Author: John Miles


Monday morning first thing and the phone rings. It’s a typical
call, since the previous Thursday a small business has noticed
that some of the images on it’s’ website are starting to appear
on other sites. They know enough to understand that once these
images are out, they will be unable to prevent their spread.
What they’re after now is advice on how to stop them from being
stolen in the first place.

Everyone is always wiser after the event and there is a certain
complacency in all of us that says it’s not going to happen to
me but when it does we need to know what we can do about it. In
this case the damage has been done. Someone had hacked into
their site and downloaded approximately 20,000 images. Some of
these were licensed from image suppliers and some were taken by
themselves at great expense. The cost to the company is easy to
work out in terms of what they paid for the images in the first
place, but what is more difficult to ascertain is the ongoing
revenue loss that will occur.

Ongoing loss because the nature of these images means that the
more exposure they get, the smaller their value becomes. In this
case the law of supply and demand applies to intellectual
property just as much as anything else. By the time the web
server logs were checked and the perpetrators identified, six
days had elapsed. In that time these images were identified on
twenty eight different websites and that number was growing by
the day. By then it was a practical impossibility to have them
removed.

Even worse was that the images appeared on an image brokers site
and were actively being sold with a license for use by other
people. The fact that this site was in Russia meant that there
was nothing the company could do to prevent it. In short they
simply had to swallow the loss and try to prevent it happening
again.

What we all need to understand is that it is very difficult, if
not entirely impossible, to prevent your data being stolen. If
they want it badly enough, they will get it. Your job is to make
sure that you make it so difficult, they give up and try
elsewhere. For most of us, the basic security of our website is
handled by the site’s hosts. Being certain of your hosts
capabilities is a good start to securing your data. Have you
ever asked them how they secure your web server? Perhaps now is
a good time to do it.

Web hosting is like any other business. They concentrate
generally on the “bits” you can see in order to get your
business. What they can cut costs on, they will and, although
any good host will have security firmly at the top of their
list, some of the cheaper ones may look at ways of reducing
their spending. One very security conscious host is
www.serverwise.com. I’ve used them for a number of years and
always found them to be good when it comes to protecting your
web site.

After securing your server the next thing to look at has to be
ways of protecting the data. Most theft occurs directly from the
web site itself and if you’re trying to protect images, there
are plenty of watermarking programs that can apply a watermark
to your images. Take a look at www.hotscripts.com for example
and search for watermarking. You can also find hints and tips on
preventing people from saving your files to their local pc on
many sites, http://javascript.internet.com is a good source for
free scripts and searching on Google for javascripts will reveal
more sources.

The company in the example I used earlier had watermarking
protection for all their images but, unfortunately for them, the
watermarking was dynamic meaning that the images themselves were
unwatermarked and the watermarking was applied when the browser
displayed the images. What this meant was that by stealing the
images from the server, the thieves were able to take
unwatermarked images.

There is a way around this and something like Strong Arm from
www.liquidfrog.com can help by taking invisible watermarks or
copyright information and embedding it directly into the image.
Being able to positively identify a file on someone else’s
website as belonging to you can be a strong persuader in making
them remove your content from their site even if they feel
they’ve bought it legitimately. By proving ownership of a file
you can bring a large amount of pressure to bear and save
yourself the legal costs of issuing a cease and desist notice.

So far we’ve looked mainly at ways of preventing image theft.
What if your site contains document files or exe files that you
make available for download perhaps? How do you prevent them
from being stolen? Including a copyright in a text document is
something that everyone should be doing but it’s very easy to
remove that and claim the work as your own. Given the fact that
you are allowing people to take these files from your site, you
should be including a way of identifying them so that, if you
see them on another site, you can prove ownership. Again
something like Strong Arm can help.

Finally, having done what you can to prevent the theft of your
data, you need to check regularly that your web site is still
secure and that your file protection systems are working. You
also need to check what the current trends are for data security
by making sure you understand where the latest threats are
coming from. At the moment China and Russia are the two major
culprits but this will probably change over time as less
advanced countries come up to speed. New ways of stealing data
are always just around the corner and you need to be one step
ahead the whole time. It’s only by keeping on top of it that you
can effectively prevent the data you’ve bought and paid for
being stolen!